UN’s OEWG Concludes: Paving the Way for a Permanent Global Cybersecurity Mechanism

The Open-Ended Working Group (OEWG) on security and the use of information and communication technologies (ICTs) in the context of international security has concluded its work in New York. After nearly five years of intensive deliberations, representatives of participating states adopted the final report, which encapsulates the OEWG’s achievements under the mandate established by UN General Assembly Resolution 75/240. The consensus-approved document will be submitted for consideration at the 80th session of the General Assembly.

OEWG Chair Burhan Gafoor noted that achieving consensus required navigating extremely narrow margins for compromise. He urged delegations to refrain from further amendments, cautioning against disrupting the delicate balance that had been reached. The report consolidates key outcomes developed throughout the group’s work and lays the groundwork for transitioning to a new, permanent mechanism that will continue the UN’s efforts in the realm of cybersecurity.

The final report underscores that the OEWG operated amid escalating geopolitical tensions and a growing number of incidents involving the malicious use of ICTs by both state and non-state actors. Delegates highlighted the active and constructive participation of representatives from all regions, reaffirming the importance of intergovernmental engagement in fostering trust and developing shared approaches to ICT security.

The report affirms that over the course of eleven sessions, three annual reports were adopted, culminating in the final document. Collectively, these reports form an evolutionary and cumulative foundation for responsible state behavior in cyberspace. It emphasizes that international law, including the UN Charter, is fully applicable to the digital domain and is essential for maintaining global peace and stability.

Particular attention is given to both existing and emerging threats. Key challenges identified include the rise of attacks on critical infrastructure and its information components, the proliferation of malicious software, cybercrime, exploitation of hidden functionalities in digital products, the growth of commercial hacking tools, and the vulnerability of supply chains. Additional risks linked to technological advances—such as artificial intelligence, quantum computing, cloud services, and the Internet of Things—are also addressed.

States expressed concern over the surge in large-scale disinformation campaigns and digital interference in domestic affairs. The threats posed by spyware, ransomware, and exploits accessible to non-expert users were specifically noted. The report stresses the need to implement security-by-design principles throughout ICT product development and to enhance transparency within supply chains. Priority actions include the development of national regulatory standards, bolstering the protection of VPNs, ICS, and CII systems, and improving the exchange of assistance request templates for cyber incidents among states.

The report devotes considerable space to state-led initiatives and concrete proposals. Discussions included measures for implementing existing norms—such as the use of a voluntary checklist included in the second annual report—as a tool for evaluating current capacities and planning improvements.

Simultaneously, states explored the potential for establishing new norms adapted to the rapidly evolving digital environment, without discarding existing agreements. Proposals included strengthening supply chain integrity, regulating the commercial distribution of hacking tools, and mandating the integration of security features at the design phase of devices. Concerns were also raised about countering the malicious use of commercially available hacking tools, particularly given their rapid spread across underground platforms.

Special emphasis is placed on the establishment of the Global Secure Cyberspace Cooperation Portal (GSCCP), envisioned as the technical and organizational backbone of the future permanent mechanism. The portal will centralize access to current information on activities, best practices, training programs, and provide digital tools for assessing cybersecurity readiness.

GSCCP will also be integrated with the Global Directory of Contact Points to enable swift communication between states. Over time, the portal is expected to evolve into a comprehensive platform reflecting nations’ cybersecurity needs, facilitating knowledge exchange, supporting training applications, and minimizing redundant initiatives.

The report highlights trust-building measures as a core achievement. These include the launch of the contact directory, joint exercises, and the development of communication templates for incident response between states. The OEWG is recognized as a vital forum for fostering confidence, a role that the upcoming mechanism is expected to inherit and expand.

The document also records proposals to establish thematic working groups, convene regular plenary sessions, and involve relevant stakeholders—including academia, the private sector, and NGOs—in an advisory capacity within the future framework. These steps are intended to ensure a smooth and effective transition from the OEWG to the new institutional structure.

With the signing of the final document, the OEWG formally concludes its five-year mandate, passing the baton to a permanent mechanism under UN auspices—destined to become the central forum for advancing global digital security.